<?php
require_once("OAuth.php");
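/**
 * Verifies the OAuth signature that an OpenSocial container attaches to the
 * current HTTP request.
 *
 * All inputs ($_GET, $_POST) are attacker-controlled, so every path that cannot
 * positively verify the signature returns false (fail closed).
 *
 * NOTE(review): only the signature is checked here. No oauth_timestamp or
 * oauth_nonce validation is visible in this class, so replay protection, if
 * any, has to live elsewhere - confirm.
 */
class Opensocial
{
	/** @var string|null oauth_signature query parameter, or null when absent, empty or not a string. */
	private $oauth_signature;

	public function __construct()
	{
		$this->oauth_signature = self::read_signature();
	}

	/**
	 * Request verification: checks the signature of the current request
	 * against the certificate pinned for the given platform.
	 *
	 * @param string $plat Platform key understood by OSSignatureMethod::set_public_cert().
	 * @return bool true only when the signature method reports a valid signature;
	 *              false when OpenSSL is unavailable, the signature parameter is
	 *              missing or malformed, no certificate is known for $plat, or
	 *              verification fails.
	 */
	public function check_signature($plat = "yaba")
	{
		if (!function_exists("openssl_get_publickey")) {
			return false;
		}

		// Re-read at call time, as the request superglobals may have changed
		// since construction.
		$signature = self::read_signature();
		if ($signature === null) {
			return false;
		}

		// Build a request object from the current request. With array_merge()
		// a POST field overrides a GET field of the same name, while the
		// signature itself is taken from $_GET only.
		$request = OAuthRequest::from_request(null, null, array_merge($_GET, $_POST));

		// Initialize the signature method with the platform's pinned certificate.
		$signature_method = new OSSignatureMethod();
		$signature_method->set_public_cert($plat);
		if (empty($signature_method->cert)) {
			// Unknown platform: there is no key to verify against, so reject
			// instead of handing an empty key to OpenSSL.
			return false;
		}

		// Check the request signature; any non-truthy result is a rejection.
		return (bool) $signature_method->check_signature($request, null, null, $signature);
	}

	/**
	 * Returns the oauth_signature query parameter when it is a non-empty string.
	 *
	 * A request can omit the parameter or send it as an array
	 * (oauth_signature[]=...); both cases are reported as null.
	 *
	 * @return string|null
	 */
	private static function read_signature()
	{
		if (!isset($_GET['oauth_signature'])) {
			return null;
		}
		$value = $_GET['oauth_signature'];
		if (!is_string($value) || $value === '') {
			return null;
		}
		return $value;
	}

}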

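/**
 * RSA-SHA1 signature method that verifies against a certificate pinned in
 * source code, selected per platform through set_public_cert().
 *
 * NOTE(review): the PEM embedded for "yaba" appears to decode to a self-signed
 * certificate for CN=sb.mbga-platform.jp with a validity window of 2010-08-25
 * to 2011-08-25 - confirm with `openssl x509 -text -noout`. Nothing visible in
 * this class checks the validity period or revocation, so a pinned certificate
 * stays trusted until this file is edited.
 */
class OSSignatureMethod extends OAuthSignatureMethod_RSA_SHA1 {

	/** @var string|null PEM certificate chosen by set_public_cert(); null when none is selected. */
	public $cert;

	/**
	 * Returns the certificate selected by set_public_cert().
	 *
	 * @param mixed $request Unused; the certificate does not depend on the request.
	 * @return string|null
	 */
	protected function fetch_public_cert(&$request)
	{
		return $this->cert;
	}

	/**
	 * Intentionally empty: no private key is provided by this class, so the
	 * method returns null.
	 *
	 * @param mixed $request Unused.
	 */
	protected function fetch_private_cert(&$request){}

	/**
	 * Selects the pinned certificate for a platform.
	 *
	 * The comparison is strict, so only the exact strings "yaba" and "mixi"
	 * match (a loose comparison lets the integer 0 equal "yaba" on PHP < 8).
	 * For any other value the certificate is cleared, so a failed lookup never
	 * leaves a previously selected key in place.
	 *
	 * @param string $plat Platform key.
	 * @return bool true when a certificate was selected, false for an unknown platform.
	 */
	public function set_public_cert($plat = "")
	{
		$this->cert = null;

		if ($plat === "yaba")
		{
			$this->cert = <<<EOF
-----BEGIN CERTIFICATE-----
MIICOTCCAaKgAwIBAgIJAK3cE459+jV9MA0GCSqGSIb3DQEBBAUAMB4xHDAaBgNV
BAMTE3NiLm1iZ2EtcGxhdGZvcm0uanAwHhcNMTAwODI1MDkzNzI4WhcNMTEwODI1
MDkzNzI4WjAeMRwwGgYDVQQDExNzYi5tYmdhLXBsYXRmb3JtLmpwMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDZ8xJKX1rPli72IF2L+tRV9Tk1c2kRixEEwzxR
T2bz37w/8XJQaMVxtFQMCYqquZUmHDss4JgF/prE4HGnX0j6x9MZUrt0k2VzDINm
Y+F61QJZCLqqy5MBxR9Dyu87DucPf7WsP3C1EMrfB8c29qVT7is+pMuYDowmsPql
eJ4pswIDAQABo38wfTAdBgNVHQ4EFgQUtNIqfC+B1PmcIhDmIA8+QxALZU4wTgYD
VR0jBEcwRYAUtNIqfC+B1PmcIhDmIA8+QxALZU6hIqQgMB4xHDAaBgNVBAMTE3Ni
Lm1iZ2EtcGxhdGZvcm0uanCCCQCt3BOOffo1fTAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBBAUAA4GBALN/bYV+Vbr2z4edz2+hogP+PwW5IgV5sCohwcMAVVkmA9qs
RVPDSjm6E5e05kiCNAQQJpu2/d/i1xDuSjPpNMGaawapzNVbXh3xYwNkD8wrs1kM
tjKaDjOi4YhwIlhingNhsrozKW6jHBY/RXi/oRmAKsByIx72I4yFjHwZuXk+
-----END CERTIFICATE-----
EOF;
			// Disabled alternative certificate assignment, left in place by the author.
/*			$this->cert = <<<EOF
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF;
*/
			return true;
		}

		if ($plat === "mixi")
		{
			$this->cert = <<<EOF
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF;
			return true;
		}

		// Unknown platform: report the failure so callers can fail closed.
		return false;
	}

	/**
	 * Helper to try to sort out headers for people who aren't running Apache.
	 *
	 * Private, and nothing in this class calls it.
	 *
	 * @return array Header name => value.
	 */
	private static function get_headers() {/*{{{*/
		if (function_exists('apache_request_headers')) {
			// we need this to get the actual Authorization: header
			// because apache tends to tell us it doesn't exist
			return apache_request_headers();
		}
		// otherwise we don't have apache and are just going to have to hope
		// that $_SERVER actually contains what we need
		$out = array();
		foreach ($_SERVER as $key => $value) {
			if (strncmp($key, "HTTP_", 5) !== 0) {
				continue;
			}
			// Rebuild the header name from the CGI form: strip the leading
			// "HTTP_", turn "_" into "-" and capitalize the first letter of
			// every word (HTTP_USER_AGENT becomes User-Agent).
			$name = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($key, 5)))));
			$out[$name] = $value;
		}
		return $out;
	}/*}}}*/

	/**
	 * Util function for turning the Authorization: header into parameters;
	 * has to do some unescaping.
	 *
	 * Private, and nothing in this class calls it. Known limitation kept from
	 * the original: a comma inside a parameter value splits that parameter.
	 *
	 * @param string $header Raw header value (attacker-controlled).
	 * @return array Parameter name => decoded value, for names starting with "oauth".
	 */
	private static function split_header($header) {/*{{{*/
		$out = array();
		foreach (explode(",", $header) as $param) {
			$param = ltrim($param);
			// skip the "realm" param, nobody ever uses it anyway
			if (strncmp($param, "oauth", 5) !== 0) {
				continue;
			}

			// Split on the first "=" only, so a value that itself contains
			// "=" is not truncated; a fragment without "=" is malformed and
			// is skipped instead of reading a missing array element.
			$param_parts = explode("=", $param, 2);
			if (count($param_parts) !== 2) {
				continue;
			}

			// substr(..., 1, -1) drops the surrounding quotes.
			// rawurldecode() used because urldecode() will turn a "+" in the
			// value into a space
			$out[$param_parts[0]] = rawurldecode(substr($param_parts[1], 1, -1));
		}
		return $out;
	}/*}}}*/

}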

?>